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IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicants: Feng BAO et al. § 

§ 

Serial No.: Not Yet Assigned § Group Art Unit: UNKNOWN 

§ 

Filed- Concurrently Herewith § Examiner: UNJCNOWN 

§ 

For: Method And Apparatus For § Express Mail Label No. EL915360557US 

Encrypting And Decrypting Data § 

PRELIMINARY AMENDMENT 

Assistant Commissioner for Patents Att'y. Docket No. 2085-00200 

Washington, D.C. 20231 Client Ref. No. KRD-P004US(WO) 

Date: September 24, 2001 

Sir: 

This paper is filed concurrently with the National Phase Entry patent application. 
Prior to examining this case, the Examiner is requested to enter the following amendments 
and consider the accompanying remarks. 

m THE CLAIMS : 

Please amend claims 4, 5, 8, 11-13, 17, 20-23, 27, 28, 31, 34-36, 40, and 43-46 by 
replacement with the following rewritten claims. A marked up version of the amended 
claims, showing the changes by underlining of the added text and bracketing of the deleted 
text, is appended hereto. 

14. A method according to claim 1 wherein step (e) includes outputting the size of the 
2 corresponding data segment. 

15. A method according to claim 1 wherein said first flinction includes a cryptographic 
2 pseudo random generator. 
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8. A method according to claim 1 wherein said accessory data strings are derived 
from various sources. 



1 IL A method according to claim 1 wherein said second function includes an 

2 encryption function of a symmetric key cipher. 

1 12. A method according to claim 1 wherein said second function includes an 

2 encryption function of a block cipher operating in a well known mode, such as Electronic 

3 Code Book mode. 

1 13. A method according to claim 1 wherein said second function includes an 

2 encryption fimction resulting from combined use of more than one symmetric key cipher. 

1 17. A method according to claim 14 wherein said first function includes a 

2 cryptographic pseudo random generator. 

1 20, A method according to claim 14 wherein said accessory data strings include two 

2 parts, one part being derived by the decrypting party in a predetermined fashion from 

3 available sources prior to decrypting said zth ciphertext segment and the other part not 

4 being derived by, and therefore being received by, the decrypting party prior to decrypting 

5 said zth ciphertext segment. 

1 21, A method according to claim 14 wherein said second function includes a 

2 decryption function of a symmetric key cipher. 
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1 22. A method according to claim 14 wherein said second function includes a 

2 decryption function of a block cipher operating in a well known mode, such as Electronic 

3 Code Book mode. 

1 23. A method according to claim 14 wherein said second function includes a 

2 decryption function resulting from a combined use of more than one symmetric key cipher. 

1 27. Apparatus according to claim 24 wherein said means for outputting is adapted for 

2 outputting the size of the corresponding data segment. 

1 28. Apparatus according to claim 24 wherein said first function includes a 

2 cryptographic pseudo random generator. 

1 31. Apparatus according to claim 24 wherein said accessory data strings are derived 

2 from various sources. 

1 34. Apparatus according to claim 24 wherein said second function includes an 

2 encryption fimction of a symmetric key cipher. 

1 35. Apparatus according to claim 24 wherein said second function includes an 

2 encryption fiinction of a block cipher operating in a well known mode, such as Electronic 

3 Code Book mode. 

1 36. Apparatus according to claim 24 wherein said second function includes an 

2 encryption function resulting from combined use of more than one symmetric key cipher. 
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1 40. Apparatus according to claim 37 wherein said first function includes a 

2 cryptographic pseudo random generator. 

1 43. Apparatus according to claim 37 wherein said accessory data strings include two 

2 parts, one part being derived by the decrypting party in a predetermined fashion from 

3 available sources prior to decrypting said ith ciphertext segment and the other part not 

4 being derived by, and therefore being received by, the decrypting party prior to decrypting 

5 said zth ciphertext segment. 

1 44. Apparatus according to claim 37 wherein said second function includes a 

2 decryption function of a symmetric key cipher. 

1 45. Apparatus according to claim 37 wherein said second function includes a 

2 decryption function of a block cipher operating in a well known mode, such as Electronic 

3 Code Book mode. 

1 46, Apparatus according to claim 37 wherein said second function includes a 

2 decryption function resulting from a combined use of more than one symmetric key cipher. 
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REMARKS 



Prior to a first Office action in this matter, the Examiner is requested to enter the 
above amendments above and consider the accompanying remarks. The amendments were 
made simply to change the multiple dependent claims to depend on only one other claim 
and, in no way, narrowed the scope of any claim 

RespectMly submitted. 
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MARKED-UP VERSION OF AMENDMENTS 

IN THE CLAIMS : 

1 1. A method of encrypting data suitable for sending to a decrypting party, said 

2 method including the steps of: 

3 (a) dividing said data into data segments; 

4 (b) accepting at least a cryptographic key k shared with the decrypting party; 

5 (c) for the /th data segment (i - I, 2 to be encrypted, generating the zth 

6 segment key Si using a first function with said cryptographic key k and some accessory 

7 data strings as inputs; 

8 (d) encrypting the ith data segment using a second function with Si as the 

9 encryption key to form the ith ciphertext segment; and 

1 0 (e) outputting the zth ciphertext segment, and at least a part of said accessory 

1 1 data strings for sending data to the decrypting party, and if more data segments are to be 

12 encrypted, repeating steps (c), (d) and (e). 

1 2. A method according to claim 1 wherein said accessory data strings include a single 

2 string F/ derived from the previous value Vf.] in a predetermined fashion. 

1 3, A method according to claim 2 wherein said string vi is derived according to the 

2 relation Vi - F(Vi.i), / - 1, 2, wherein FQ maps Vi.j to Vi and Vo is an initialization value 

3 made known to the decrypting party. 

1 4. (Once Amended) A method according to claim 1[, 2 or 3] wherein step (e) 

2 includes outputting the size of the corresponding data segment. 
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1 5, (Once Amended) A method according [to any one of the preceding claims] claim 

2 1 wherein said first function includes a cryptographic pseudo random generator. 

16. A method according to claim 5 wherein said pseudo random generator includes a 

2 keyed hash function Va, Vi2, Vti), wherein^ is said cryptographic key, (Vu, Vi2, .... VU) 

3 is said accessory data strings and / is a positive integer. 

17. A method according to claim 6 wherein hQ is MD5 or SHA. 

1 8. (Once Amended) A method according to [any one of the preceding claims] claim 

2 X wherein said accessory data strings are derived from various sources. 

19. A method according to claim 8 wherein said sources include current time and date, 

2 or previous accessory data strings, or some initialization values, or at least a part of the 

3 data segments or previous ciphertext segments, or at least a part of previous segment keys. 

1 10. A method according to claim 1 wherein said accessory data strings include two 

2 parts, one part being derived by the decrypting party in a predetermined fashion prior to 

3 decrypting said ?th ciphertext segment and the other part not being derived by, and 

4 therefore being sent to, the decrypting party prior to decrypting said /th ciphertext segment. 

1 11. (Once Amended) A method according to [any one of the preceding claims] claim 

2 I wherein said second fimction includes an encryption function of a symmetric key cipher. 
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1 12. (Once Amended) A method according to [any one of claims 1 to 10] claim 1 

2 wherein said second function includes an encryption function of a block cipher operating 

3 in a well known mode, such as Electronic Code Book mode. 

1 13, (Once Amended) A method according to [any one of claims 1 to 10] claim 1 

2 wherein said second function includes an encryption function resulting from combined use 

3 of more than one symmetric key cipher. 

1 14. A method of decrypting data encrypted by an encrypting party, said method 

2 including the steps of: 

3 (a) accepting at least a cryptographic key k being shared with the encrypting 

4 party; 

5 (b) for the zth ciphertext segment (/ = 1, 2, ...,) to be decrypted, generating the 

6 zth segment key Si using a first function with said cryptographic key k and some accessory 

7 data strings as inputs; 

8 (c) decrypting the /th ciphertext segment using a second function with Si as the 

9 decryption key; 

10 (d) outputting the decrypted /th ciphertext segment, and if more ciphertext 

1 1 segments are to be decrypted, repeating steps (b), (c) and (d). 

1 15. A method according to claim 14 wherein said accessory data strings include a 

2 single string Vi derived from the previous value in a predetermined fashion. 
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1 16. A method according to claim 15 wherein said string Vf is derived according to the 

2 relation = F(Vi.]), i - 1, 2, wherein F() maps Vui to Vi and Vo is an initialization value 

3 made known to the encrypting party. 

1 17. (Once Amended) A method according to claim 14[, 15 or 16] wherein said &st 

2 function includes a cryptographic pseudo random generator. 

1 18. A method according to claim 17 wherein said pseudo random generator includes a 

2 keyed hash function h(k, Va, Vi2, Vu)^ wherein k is said cryptographic key, (F//, Vi2, J^v) 

3 is said accessory data strings and / is a positive integer. 

1 19. A method according to claim 1 8 wherein hQ is MD5 or SHA. 

1 20. (Once Amended) A method according to [any one of claims 14 to 19] claim 14 

2 wherein said accessory data strings include two parts, one paxX being derived by the 

3 decrypting party in a predetermined fashion from available sources prior to decrypting said 

4 /th ciphertext segment and the other part not being derived by, and therefore being received 

5 by, the decrypting party prior to decrypting said /th ciphertext segment, 

1 21, (Once Amended) A method according to [any one of claims 14 to 20] claim 14 

2 wherein said second function includes a decryption function of a symmetric key cipher. 

1 22, (Once Amended) A method according to [any one of claims 14 to 20] claim 14 

2 wherein said second function includes a decryption function of a block cipher operating in 

3 a well known mode, such as Electronic Code Book mode. 
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1 23. (Once Amended) A method according to [any one of claims 14 to 20] claim 14 

2 wherein said second function includes a decryption function resulting from a combined use 

3 of more than one symmetric key cipher. 

1 24. Apparatus for encrypting data suitable for sending to a decrypting party, said 

2 apparatus including: 

3 (a) means for dividing said data into data segments; 

4 (b) memis for accepting at least a cryptographic key k shared with the 

5 decrypting party; 

6 (c) means for generating for the zth data segment (z - 1, 2, to be encrypted, 

7 the zth segment, key Si using a first function with said cryptographic key k and some 

8 accessory data strings as inputs; 

9 (d) means for encrypting the ith data segment using a second function with Si as 

10 the encryption key to form the ith ciphertext segment; and 

1 1 (e) means for outputting the zth ciphertext segment, and at least a part of said 

12 accessory data strings for sending data to the decrypting party, 

1 25. Apparatus according to claim 24 wherein said accessory data strings include a 

2 single string Vi derived from the previous value Vi^j in a predetermined fashion. 

1 26. Apparatus according to claim 25 wherein said string Vt is derived according to the 

2 relation Vi-F(Vi.i), i- 1,2, wherein F() maps v^j to Vi and Vo is an initialization value 

3 made known to the decrypting party. 
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1 27. (Once Amended) Apparatus according to claim 24[, 25 or 26] wherein said means 

2 for outputting is adapted for outputting the size of the corresponding data segment. 

1 28, (Once Amended) Apparatus according to [any one of claims 24 to 27] claim 24 

2 wherein said first function includes a cryptographic pseudo rmidom generator. 

1 29. Apparatus according to claim 28 wherein said pseudo random generator includes a 

2 keyed hash function h(k, Vu, Vi2, Vu), wherein k is said cryptographic key, {Va, Vi2, Vii) 

3 is said accessory data strings and / is a positive integer. 

1 30. Apparatus according to claim 29 wherein hQ is MD5 or SHA. 

1 31. (Once Amended) Apparatus according to [any one of claims 24 to 29] claim 24 

2 wherein said accessory data strings are derived fi*om various sources. 

1 32. Apparatus according to claim 31 wherein said sources include current time and 

2 date, or previous accessory data strings, or some initialization values, or at least a part of 

3 the data segments or previous ciphertext segments, or a part of previous segment keys. 

1 33. Apparatus according to claim 24 wherein said accessory data strings include two 

2 parts, one part being derived by the decrypting party in a predetermined fashion prior to 

3 decrypting said zth ciphertext segment and the other part not being derived by, and 

4 therefore being sent to, the decrypting party prior to decrypting said rth ciphertext segment. 
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1 34. (Once Amended) Apparatus according to [any one of claims 24 to 33 ] claim 24 

2 wherein said second function includes an encryption function of a symmetric key cipher. 

1 35. (Once Amended) Apparatus according to [any one of claims 24 to 33] claim 24 

2 wherein said second function includes an encryption function of a block cipher operating 

3 in a well known mode, such as Electronic Code Book mode. 

1 36. (Once Amended) Apparatus according to [any one of claims 24 to 33] claim 24 

2 wherein said second function includes an encryption function resulting from combined use 

3 of more than one symmetric key cipher. 

1 37. Apparatus for decrypting data encrypted by an encrypting party, said apparatus 

2 including: 

3 (a) means for accepting at least a cryptographic key k being shared with the 

4 encrypting party; 

5 (b) means for generating as inputs for the zth ciphertext segment (/ = 1. 2, ...J 

6 to be decrypted, the ith segment key using a first function with said cryptographic key k 

7 and some accessory data strings; 

8 (c) means for decrypting the ith ciphertext segment using a second fimction 

9 with Si as the decryption key; and 

1 0 (d) means for outputting the decrypted ith ciphertext segment. 

1 38. Apparatus according to claim 37 wherein said accessory data strings include a 

2 single string Vi derived from the previous value Vf.j in a predetermined fashion. 
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1 39. Apparatus according to claim 38 wherein said string Vt is derived according to the 

2 relation Fy = FfVi.j), i- 1,2, wherein FQ maps Vi.j to Vf and Vo is an initialization value 

3 made known to the encrypting party, 

1 40. (Once Amended) Apparatus according to claim 37[, 38 or 39] wherein said first 

2 function includes a cryptographic pseudo random generator. 

1 41 . Apparatus according to claim 40 wherein said pseudo random generator includes a 

2 keyed hash function h(k, Vu, Vi2, .... VuX wherein k is said cryptographic key, (V^, Vi2, .... F//) 

3 is said accessory data strings and / is a positive integer, 

1 42. Apparatus according to claim 41 wherein hQ'is MD5 or SHA. 

1 43. (Once Amended) Apparatus according to [any one of claims 37 to 42] claim 37 

2 wherein said accessory data strings include two parts, one part being derived by the 

3 decrypting party in a predetermined fashion from available sources prior to decrypting said 

4 /th ciphertext segment and the other part not being derived by, and therefore being received 

5 by, the decrypting party prior to decrypting said zth ciphertext segment. 

1 44. (Once Amended) Apparatus according to [any one of claims 37 to 43] claim 37 

2 wherein said second ftmction includes a decryption function of a symmetric key cipher. 

1 45. (Once Amended) Apparatus according to [any one of clakns 37 to 43] claim 37 

2 wherein said second ftmction includes a decryption function of a block cipher operating in 

3 a well known mode, such as Electronic Code Book mode. 
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1 46. (Once Amended) Apparatus according to [any one of claims 37 to 43] claim 37 

2 wherein said second function includes a decryption function resulting from a combined use 

3 of more than one symmetric key cipher. 
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METHOD AND APPARATUS FOR 



ENCRYPTING AND DECRYPTING DATA 



FIELD OF THE INVENTION 



5 



The present Invention relates to cryptography and in particular to a method and 
apparatus for encrypting and decrypting digital data for the purpose of protecting 
or securing its contents. 



There exists a need to transfer data confidentially over an open channel or to 
store such data securely in an unsecure location. Whilst such transfer or storage 
may be achieved by physical means, it is more effective and/or flexible to use 
1 5 cryptographic means. 

In the prior art, to send private communications between two parties, the parties 
need to share a cryptographic key and use a symmetric-key cipher to encr^^t and 
deciypt data. Various ciphers including block ciphers and stream ciphers have 

20 been proposed in the past. A stream cipher handles messages of arbitrary size 
by ciphering individual elements, such as bits or bytes of data. This avoids the 
need to accumulate data into a block before ciphering as is necessary in a block 
cipher. A conventional block cipher requires an accumulation of a certain amount 
of data or multiple data elements for ciphering to complete. Examples of block 

25 ciphers include PES {see ANSI X3.92, "American National Standard for Data 
Encryption Algorithm (DEA) " American National Standards Institute, 1981), IDEA 
(see X. Lai, J. Massey, and S. Murphy, •'Markov ciphers and differential 
cryptanalysis," Advances in Cryptology - EUROCRYPT91 Proceedings, 
Springer-Veriag, 1991, pp. 17-38), SAFER (see J. Massey. SAFER K-64: One 

30 year later. In B. Preneei, editor, Fast Software Encryption - Proceedings of 
Second International Workshop, LNCS 1008, pages 212-241, Springer Veriag, 
1995), and RC5 (see R. Rivest, *The RC5 encryption algorithm," Dr. Dobb's 
Journal, Vol. 20, No. 1, January 1995, pp. 146 -148). A typical data encryption 
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speed for these ciphers is several million bits per second (Mb/s) on a Pentium 
266 MHz processor. 

Due to the pervasiveness of high-speed networking and multimedia 
5 communications, the demand for high-speed ciphers is ever increasing. For 
example, data rates over Asynchronous Data Transfer networks range from 
several tens of Mb/s to 1 Gb/s. Software implementations of existing block ciphers 
cannot reach these kinds of data rates. 

10 In general, stream ciphers are much faster than block ciphers. However, stream 
ciphers are usually not sufficiently analyzed and are perceived to be weaker in 
security than block ciphers. Many stream ciphers that we believed to be very 
secure were subsequently broken. The design of secure and efficient high-speed 
ciphers remains a highly challenging problem. 

15 

Many powerful cryptanalytical methods have been developed during the past 
decade or so. It may be observed that the success of many of these methods in 
attacking a cipher depends on the availability of a large quantity of 
ciphertexts/plaintenxts under a particular encryption key. Normally, the likelihood 
20 of successfully attacking a cipher, i.e., discovering the key, diminishes as the 
amount of available ciphertexts/plaintexts decreases. The present invention, is 
motivated by the above observation, and provides an improved method and 
apparatus for data encryption and decryption. 

25 SUMMARY OF THE INVENTION 

The method of the present invention may employ a combination of at least two 
cryptographic algorithms to achieve relatively high throughput without 
compromizing security. A first algorithm may be a cryptographic pseudo random 
30 sequence (or number) generator with strong security, and a second algorithm 
may be a cipher capable of high-speed operation, but may be weak in security 
when used alone. The first algorithm may be used to systematically and 
periodically generate "segment keys" and the second algorithm may be used to 
encrypt a data segment or plaintext segment using a segment key. Each data 
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segment may be encrypted using a different segment key. By limiting the sizes of 
the data segments, an attacker may not have sufficient plaintexts or ciphertexts 
under a given segment key to carry out meaningful cryptanalysis against the 
second algorithm, in doing so, the present invention may achieve high 
5 throughput in data encryption and decryption without compromizing overall 
security of the system. 

According to one aspect of the present invention there is provided a method of 
encrypting data suitable for sending to a decrypting party, said method including 
4 0 the steps of: 

(a) dividing said data into data segments; 

(b) accepting at least a cryptographic key k shared with the decrypting 
party; 

(c) for the Ah data segment (/ = 1, 2, ...,) to be encrypted, generating 
15 the kh segment key S/ using a first function with said cryptographic 

key and some accessory data strings as inputs; 

(d) encrypting the Ah data segment using a second function with s, as 
the encryption key to form the fth ciphertext segment; and 

(e) outputting the kh ciphertext segment, and at least a part of said 
20 accessory data strings for sending data to the decrypting party, and 

if more data segments are to be encrypted, repeating steps (c), (d) 
and (e). 

The accessory data strings may include a single string V/ derived from the 
25 previous value v^t in a predetermined fashion. The string v/ may be derived 
according to the relation v,- - F{vm), / = 1 , 2, wherein F() maps Vm to Vi and Vo 
is an initialization value made known to the decrypting party. 

According to a further aspect of the present invention there is provided a method 
30 of decrypting data encrypted by an encrypting party, said method including the 
steps of: 

(a) accepting at least a cryptographic key k being shared with the 
encrypting party; 
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(b) for the hh ciphertext segment (/ = 1» 2, ,..,) to be decrypted, 
generating the Ah segment key using a first function with said 
cryptographic key /rand some accessory data strings as inputs; 

(c) decrypting the Ah ciphertext segment using a second function with s,- 
5 as the decryption key; 

(d) outputting the decrypted Ah ciphertext segment, and if more 
ciphertext segments are to be decrypted, repeating steps (b), (c) 
and (d). 



10 According to a still further aspect of the present invention there is provided 
apparatus for encrypting data suitable for sending to a decrypting party, said 
apparatus including: 

(a) means for dividing said data into data segments; 

(b) means for accepting at least a cryptographic key k shared with the 
1 5 decrypting party; 

(c) means for generating for the Ah data segment (/ = 1, 2, ...,) to be 
encrypted, the Ah segment key s, using a first function with said 
cryptographic key /rand some accessory data strings as inputs; 

(d) means for encrypting the Ah data segment using a second function 
20 with Si as the encryption key to fomi the Ah ciphertext segment; and 

(e) means for outputting the Ah ciphertext segment, and at least a part 
of said accessory data strings for sending data to the decrypting 
party. 



25 According to a still further aspect of the present invention there is pro\flded 
apparatus for decrypting data encrypted by an encrypting party, said apparatus 
including: 

(a) means for accepting at least a cryptographic key k being shared 

with the encrypting party; 
30 (b) means for generating as inputs for the Ah ciphertext segment (/ = 1 , 

2, ...,) to be decrypted, the Ah segment key S/ using a first function 

with said cryptographic key k and some accessory data strings; 
(c) means for decrypting the Ah ciphertext segment using a second 

function with s,-as the decryption key; and 
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(d) means for outputting the decrypted /th ciphertext segment. 

The apparatus of the present invention may be conveniently embodied by means 
of a suitably programmed general puipose digital computer. It is well within the 
5 capability of persons skilled in the art of programming digital computers to 
develop software programs for implementing the encrypting/decrypting methods 
described herein. Alternatively the apparatus may be implemented via dedicated 
hardware. 

10 DESCRIPTION OF PREFERRED EMBODIMENT 

A preferred embodiment of the present invention will now be described with 
reference to the accompanying drawings wherein: 

FIGURE 1 depicts a flowchart of the operation of an illustrative embodiment of the 
15 present invention at the data encrypting end of a communication channel; and 

FIGURE 2 depicts a flowchart of the operation of an illustrative embodiment of the 
present invention at the data decrypting end of a communication channel. 

20 FIGURE 1 shows the operation of the present invention at the encrypting end of a 
communication channel. Data encryption is performed using two cryptographic 
algorithms, the first being a cryptographic pseudo random sequence generator 
R() and the second being a high-speed cipher E(), which may be relatively weak 
in security when used alone. The pseudo random sequence generator accepts 

25 two inputs /cand vand outputs a pseudo random sequence s = R{k, v). The high- 
speed cipher accepts a secret key s and a data segment d and produces the 
ciphertext c = E{s, of). In addition, the illustrative embodiment uses a pre- 
determined function F{) to update an initial value, i. e., Vi = F{Vi.i). It is assumed 
that the encrypting end and decrypting ends share a secret key k, an initial value 

30 vo, and the functions F{) and Moreover, it is assumed that the decrypting end 
knows the decrypting algorithm DQ corresponding to the encrypting algorithm E(). 



As shown in FIGURE 1 , at step 100, a program at the encrypting end divides the 
data to be encrypted into segments of equal or unequal sizes: dt, cf^, di, "\ In 
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the former case the last segment may be padded with random data if necessaty; 
while in the latter case, the sizes of the data segments normally need to be known 
by the decrypting end to facilitate decryption. Furthermore, the program accepts 
the shared secret key k and the shared initial value vo as inputs, and sets the 
5 index / = 0. 

At 110, the program inspects if there is any data segment available for encryption, 
and if not, the program terminates. Assuming that there is a data segment 
available, the program, at 120. increments the index / by 1. gets an updated initial 
10 value Vi =r F(Vi.i), generates a segment key S/ = R{k, vi), and uses the segment key 
to encrypt the data segment to get the ciphertext segment c/ = E{Sf, di) in a 
manner that is well known to those skilled in the art. 

At 130, the program transmits the ciphertext segment, and optionally the size of 
15 the corresponding data segment, to the decrypting end. The program then goes 
back to 110 to see if more data segments need to be encrypted. !f so, the 
preceding process is repeated. 

The function FQ is used to update the initial value. One example is v/.^ + i 
20 and another example is a cryptographic hash function. 

Those skilled in the art will see that the shared secret key is protected by the 
cryptographic pseudo random generator R{k, vjj. To obtain good security, it is 
required that R() be secure against all known attacks to the key /c. R{) is 

25 preferably a secure one-way function or one-way hash function in fc That is, 
given R{k, V/) and vj, it should be computationally hard to find /c. One example of 
a pseudo random generator is a keyed one-way hash function h{k, Vt\) or h{k, p, 
kj where hQ is a one-way hash function and where p pads /c to a full input block 
as specified by some hash functions. Examples of one-way hash functions are 

30 MD5 and SHA, (refer respectively, R. Rivest, "The MD5 message digest 
algorithm," IETF RFC 1321, April 1992 and National Institute of Standards and 
Technology, NIST FIPS PUB 186, "Digital Signature Standard," U.S. Department 
of Commerce, May 1994). Another example of a cryptographic pseudo random 
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generator is a strong encryption algorithm such as IDEA with k as the encryption 
key, Vi as plaintext, and the ciphertext output as the pseudo random sequence. 

in the illustrative embodiment for encryption, the segment key s, is used by the 
5 cipher E() to encrypt only one data segment cf/. This implies that only the 
corresponding ciphertext segment C/ and in some cases part of the con^esponding 
data segment are available to an attacker to cryptanalyze the cipher. One 
selection criteria for E{) is that it should be capable of operating at a high-speed. 
Another selection criteria for EQ Is that given the limited amount of ciphertexts 

10 and even part of the corresponding data segment under a segment key, the 
cipher £() should be capable of resisting all known attacks. As a consequence, 
there is a tradeoff between the size of the data segment and system throughput; 
the larger the size of a data segment, the higher the throughput. On the other 
hand, a larger data segment implies that more ciphertexts or plaintexts under a 

15 segment key are available to an attacker to cryptanalyze the cipher E{). 
Examples of EQ are high-speed stream ciphers or block ciphers with fewer 
rounds of iterations than that when they are used alone. In the latter case, the 
notation E{si, df) represents the encryption of data segment d-, using a block cipher 
even when the size of the data segment dj is larger than the block size cf the 

20 underiying block cipher and the encryption may be performed in various modes, 
such as Electronic Code Book or Cipher Block Chaining Mode. 

One specific example of E() Is the following high-speed stream cipher. Let N() be 
a function defined as Nis^)=^iii{x + s^)®s-^)xs^)®s^}»>, where 5 = ^1525354 

25 (consisting of four 32-bit strings) is a 128 bit secret key, x is a 32-bit string, @ is 
the bit-wise exclusive-or, + and x are mod 2^^ addition and multiplication, and »> 
IS to reverse a 32 bit string into opposite ranking. Let b^b^A b^A be the data to 

be encrypted which is a concatenation of 32 bit strings, the corresponding 
ciphertexts are given by =b.®Nis,N{s,N(s4i_^)®b._i)®d^^2), where the initial 

30 values d_^, rf.,, rf_3 can be set to s^,s^,s^. 

Another specific example of EQ is Serpent with a reduced number of rounds. 
Serpent is a block cipher with 128 bit block length, variable key lengths, and 32 
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rounds of operations (see R. Anderson, E. Biham, and L. Knudsen, "Serpent: A 
Proposal for the Advanced. Encryption Standard", 
http://www,cl,cam>ac.uk/-ria14/serpent.htmn . Its inventors showed that to attack 
6 round Serpent successfully, it would require 2^^ and 2^^^ plaintext blocks using 
5 linear and differential cryptanalysis, respectively. Hence, if a 6 round Serpent is 
used as E{) to encrypt data, it should resist both linear and differential 
cryptanalysis as long as the data segment size is less than 2^ 128 bit blocks. At 
the same time, this £() is about 5 times faster than the 32 round Serpent. 

10 FIGURE 2 depicts a flowchart of the operation of the present invention at the data 
decrypting end of a communication channel. As shown in FIGURE 2, at step 200, 
a program at the decrypting end accepts the shared secret key k and the shared 
initial value Vo as inputs, and sets the index / = 0. 

15 The program then checks at 210 to see if there is any ciphertext segment 
available for decryption and if not, the program halts its operation. Assuming that 
a ciphertext segment is received, the program, at 220, increments the index / by 
1, updates the initial value V/ = F(v/-?), computes a segment key S/ R{k, Vf), and 
uses the segment key to decrypt the ciphertext segment to get the data segment 

20 cf; = D(Sy, q) in a fashion that is well known in the art. 

As shown at 230, the program preferably outputs the data segment and then 
goes back to 210 to see if there is more ciphertext segment available for 
decryption, if so, the preceding steps are repeated. 

25 

The embodiment described above is merely one illustrative example of realizing 
the present invention; there can be many variants of this. For example, it is well 
within the capability of persons skilled in the art to suggest alternative ways of 
generating segment keys using a pseudo random generator, where the current 
30 segment key may depend not only on the cryptographic key /c, but also on other 
variables such as part of the plaintext, part of the ciphertext, a time stamp, and 
previous segment keys. 
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Finally, il is to be understood . that various alterations, modifications and/or 
additions may be introduced into tfie constructions and arrangements of parts 
previously described without departing from the spirit or ambit of the present 
invention. 
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CLAIMS 



1 . A method of encrypting data suitable for sending to a decrypting party, said 
5 method including the steps of: 

(a) dividing said data into data segments; 

(b) accepting at least a cryptographic key k shared with the decrypting 
party; 

(c) for the Ah data segment (/ = 1, 2, to be encrypted, generating 
10 the fth segment key s/ using a first function with said cryptographic 

key /cand some accessory data strings as inputs; 

(d) encrypting the Ah data segment using a second function with S/ as 
the encryption key to form the Ah ciphertext segment; and 

(e) outputting the Ah ciphertext segment, and at least a part of said 
15 accessory data strings for sending data to the decrypting party, and 

if more data segments are to be encrypted, repeating steps (c), (d) 
and (e). 



2. A method according to claim 1 wherein said accessory data strings include 
20 a single string v/ derived from the previous value in a predetermined fashion. 

3. A method according to claim 2 wherein said string V/ is derived according to 
the relation Vi = F(v^.t), / = 1, 2, wherein FQ maps to Vf and Va is an 
initialization value made known to the decrypting party. 

25 

4. A method according to claim 1, 2 or 3 wherein step (e) includes outputting 
the size of the corresponding data segment. 



5. A method according to any one of the preceding claims wherein said first 
30 function includes a cryptographic pseudo random generator. 

6. A method according to claim 5 wherein said pseudo random generator 
includes a keyed hash function h{k, Vn, Vi2, v//), wherein kis said cryptographic 
key, (vn, Vi2, viy) is said accessory data strings and / is a positive integer. 
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7. A method according to claim 6 wherein /?() is MD5 or SHA. 

8. A method according to any one of the preceding claims wherein said 
5 accessory data strings are derived from various sources. 

9. A method according to claim 8 wherein said sources include current time 
and date, or previous accessory data strings, or some initialization values, or at 
least a part of the data segments or previous ciphertext segments, or at least a 

1 0 part of previous segment keys. 

10. A method according to claim 1 wherein said accessory data strings include 
two parts, one part being derived by the decrypting party in a predetermined 
fashion prior to decrypting said Ah ciphertext segment and the other part not being 

15 derived by. and therefore being sent to, the decrypting party prior to decrypting 
said Ah ciphertext segment, 

11- A method according to any one of the preceding claims wherein said 
second function includes an encryption function of a symmetric key cipher. 

20 

12. A method according to any one of claims 1 to 10 wherein said second 
function includes an encryption function of a block cipher operating in a well 
known mode, such as Electronic Code Book mode. 

25 13, A method according to any one of claims 1 to 10 wherein said second 
function includes an encryption function resulting from combined use of more 
than one symmetric key cipher. 

14. A method of decrypting data encrypted by an encrypting party, said 
30 method including the steps of: 

(a) accepting at least a cryptographic key k being shared with the 
encrypting party; 
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(b) for the /th ciphertext segment (/ = 1, 2, to be decrypted, 
generating the Ah segment key s, using a first function with said 
cryptographic key kand some accessory data strings as inputs; 

(c) decrypting the Ah ciphertext segment using a second function with S/ 
5 as the decryption key; 

(d) outputting the decrypted Ah ciphertext segment, and if more 
ciphertext segments are to be decrypted, repeating steps (b), (c) 
and (d). 

10 15. A method according to claim 14 wherein said accessory data strings 
include a single string Vi derived from the previous value V/-t tn a predetermined 
fashion, 

16. A method according to claim 15 wherein said string Vi is derived according 
15 to the relation v/ = FfVj-t). / = 1, 2, wherein FQ maps Vm to Vf and Vo is an 

initialization value made known to the encrypting party* 

17. A method according to claim 14, 15 or 16 wherein said first function 
includes a cryptographic pseudo random generator. 

20 

18. A method according to claim 17 wherein said pseudo random generator 
includes a keyed hash function h{K Vn, v^, v^/), wherein k Is said cryptographic 
key, {Vfis Vi2f — ^ Vj?) is said accessory data strings and / is a positive integer. 

25 19. A method according to claim 18 wherein fiQ is MD5 or SHA. 

20. A method according to any one of claims 14 to 19 wherein said accessory 
data strings include two parts, one part being derived by the decrypting party in a 
predetermined fashion from avaitole sources prior to decrypting said Ah 
30 ciphertext segment and the other part not being derived by, and therefore being 
received by, the decrj^ting party prior to decrypting said Ah ciphertext segment. 



21. A method according to any one of claims 14 to 20 wherein said second 
function includes a decrvption function of a symmetric key cipher. 
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22, A method according to any one of claims 14 to 20 wherein said second 
function includes a decryption function of a block cipher operating in a well known 
mode, such as Electronic Code Book mode* 

5 

23. A method according to any one of claims 14 to 20 wherein said second 
function includes a decryption function resulting from a combined use of more 
than one symmetric key cipher. 

10 24. Apparatus for encrypting data suitable for sending to a decrypting party, 
said apparatus including: 

(a) means for dividing said data into data segments; 

(b) means for accepting at least a cryptographic key k shared with the 
decrypting party; 

15 (c) means for generating for the Ah data segment (/ = 1, 2, ...,) to be 

encrypted, the Ah segment key s; using a first function with said 
cryptographic key kmd some accessory data strings as inputs; 
(d) means for encrypting the Ah data segment using a second function 
with Si as the encryption key to form the Ah ciphertext segment; and 

20 (e) means for outputting the Ah ciphertext segment, and at least a part 

of said accessory data strings for sending data to the decrypting 
party. 

25. Apparatus according to claim 24 wherein said accessory data strings 
25 include a single string V7 derived from the pre\4ous value vm in a predetermined 

fashion. 

26. Apparatus according to claim 25 wherein said string V7 is derived according 
to the relation - F{Vi-i}, / = 1, 2, wherein F() maps V},1 to v/ and Vo is an 

30 initialization value made known to the decrypting party. 



27. Apparatus according to claim 24, 25 or 26 wherein said means for 
outputting is adapted for outputting the size of the corresponding data segment. 
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28. Apparatus according to any one of claims 24 to 27 wherein said first 
function includes a cryptographic pseudo random generator 

29. Apparatus according to claim 28 wherein said pseudo random generator 
5 includes a keyed hash function h{k, vn, Vi2, v//), wherein Zeis said cryptographic 

key, (Viu Vi2, Vj!) is said accessory data strings and / is a positive Integer. 

30. Apparatus according to claim 29 wherein h{) is MD5 or SHA. 

10 31 . Apparatus according to any one of claims 24 to 29 wherein said accessory 
data strings are derived from various sources. 

32. Apparatus according to claim 31 wherein said sources include current time 
and date, or previous accessory data strings, or some initialization values, or at 

15 least a part of the data segments or previous ciphertext segments, or a part of 
previous segment keys. 

33. Apparatus according to claim 24 wherein said accessory data strings 
include two parts, one part being derived by the decrypting party in a 

20 predetermined fashion prior to decrypting said Ah ciphertext segment and the 
other part not being derived by, and therefore being sent to, the decrypting party 
prior to decrypting said Ah ciphertext segment. 

34. Apparatus according to any one of claims 24 to 33 wherein said second 
25 function includes an encryption function of a symmetric key cipher. 

35. Apparatus according to any one of claims 24 to 33 wherein said second 
function includes an encr>TDtion function of a block cipher operating in a well 
known mode, such as Electronic Code Book mode. 

30 

36. Apparatus according to any one of claims 24 to 33 wherein said second 
function includes an encryption function resulting from combined use of more 
than one symmetric key cipher. 
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37. Apparatus for decrypting data encrypted by an encrypting party, said 
apparatus including; 

(a) means for accepting at least a cryptographic key k being shared 
witfi the encrypting party; 
5 (b) means for generating as inputs for the /th ciphertext segment (/ = 1 , 

2, ,..,) to be decrypted, the Ah segment key s,- using a first function 
with said cryptographic key /cand some accessory data strings; 
(c) means for decrypting the /th ciphertext segment using a second 
function with Sf as the decryption key; and 
10 (d) means for outputting the decrypted /Ih ciphertext segment. 



38. Apparatus according to claim 37 wherein said accessory data strings 
include a single string V/ derived from the previous value Vm in a predetermined 
fashion. 

15 

39. Apparatus according to claim 38 wherein said string Vf is derived according 
to the relation v/ = F(vm), / = 1. 2, wherein F() maps to Vi and Vo is an 
initialization value made known to the encrypting party. 

20 40, Apparatus according to claim 37, 38 or 39 wherein said first function 
includes a cryptographic pseudo random generator. 

41 . Apparatus according to claim 40 wherein said pseudo random generator 
Includes a keyed hash function h{k, Vn, Vi2, V//). wherein k is said cryptographic 

25 key, (VfU y-^, v^/) is said accessory data strings and / is a positive integer. 

42. Apparatus according to claim 41 wherein /?{) is MD5 or SHA. 

43. Apparatus according to any one of claims 37 to 42 wherein said accessory 
30 data strings include two parts, one part being derived by the decrypting party in a 

predetermined fashion from available sources prior to decrypting said Ah 
ciphertext segment and the other part not being derived by, and therefore being 
received by, the decrypting party prior to decrypting said Ah ciphertext segment. 
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44. Apparatus according to any one of claims 37 to 43 wherein said second 
function includes a decryption function of a symmetric key cipher, 

45. Apparatus according to any one of claims 37 to 43 wherein said second 
5 function includes a decryption function of a block cipher operating in a well known 

mode, such as Electronic Code Book mode. 

46. Apparatus according to any one of claims 37 to 43 wherein said second 
function includes a decryption function resulting from a combined use of more 

10 than one symmetric key cipher. 
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Firm or 
' — ' Individual Name 


Conely, Rose & Tayon, P.C. 


Address 


P.O. Box 3267 


Address 




City 


Houston State 


TX Zip 77253-3267 


Country 


United States of America 


Telephone 


(713)238 8000 Fax 


(713) 238 8008 



I am the: 

H Applicant/I nventor. 



I I Assignee of record of the entire interest. See 37 CFR 3.71 . 

Statement under 37 CFR 3.73(b) is enclosed, (Form PTOISB/96). 



SIGNATURE of Applicant or Assignee of Record 


Name 


DENG Huijie, Robert 


Signature 




Date 





NOTE: Signatures of all the inventors or assignees of record of tine entire interest or their representative(s) are required. Submit multiple 
forms if more than one signature is required, see below*. 



B *Total of ONE(l) form is submitted. 



Burden Hour Statement: This form is estimated to take 3 minutes to complete. Time will vary depending upon the needs of the individual case. Any comments on 
the amount of time you are required to complete this form should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, Washington, DC 
20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Assistant Commissioner for Patents, Washington, DC 20231. 



Please type a plus sign (+) inside this box 
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POWER OF ATTORNEY OR 
AUTHORIZATION OF AGENT 



Application Number 


NOT YET ASSIGNED ^ 


Filing Date 


CONCURRENTLY HEREWITH 


First Named inventor 


BAO Feng 


Group Art Unit 


UNKNOTN 


Examiner Name 


UNKNOWN 


Attorney Docicet Number 


2085-00200 J 



I liereby appoint: 

Practitioners at Customer Number 
OR 

Practitioner(s) named beiow: 



23505 



Place Customer 
Number Bar Code 
Label here 



Name 


Reqistration Number 


David A. Rose 


26,223 


Gregory L. Maag 


32,363 


Michael F. Heim 


32,702 


Jonathan M. Harris 


44,144 



as my/our attorney(s) or agent(s) to prosecute the application identified above, and to transact all 
business In the United States Patent and Trademaric Office connected therewith. 



Please change the correspondence address for the above-identified application to: 
0 The above-mentioned Customer Number. 

OR 



["i/l Firmer 

' — ' Individual Name 



Conely, Rose & Tayon, P.O. 



Address 



P.O. Box 3267 



Address 



City 



Houston 



State 



TX 



Zip [ 77253-3267 



Country 



United States of America 



Telephone 



(713) 238 8000 



Fax (713)238 8008 



I am the: 

Applicant/I n ventor. 

I I Assignee of record of the entire interest. See 37 CFR 3.71 . 

Statement under 37 CFR 3.73(b) is enclosed. (Form PTOISBI96), 



SIGNATURE of Applicant or Assignee of Record 



Name 



BAO Feng 



Signature 



>< 



Date 



NOTE: Signatures of all the inventors or assignees of record of the entire interest or their representative(s) are required. Submit multiple 
forms if more than one signature is required, see below*. 



0 *Total of Three (3) form is submitted. 



Burden Houi Statement: This fonn Is estimated to take 3 minutes to complete. Time will vary depending upon the needs of the individual case. Any comments on 
the amount of time you are required to complete this fomi should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, Washington. DC 
20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Assistant Commissioner for Patents, Washington. DC 20231 



Please type a plus sign (+) inside this box 



\ U~\ PTO/SB/01 (10-00) 

' ' Approved for use tlirough 10/31/2002. 0MB 0651-0032 

U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE 
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it contains a valid 0MB control number. 



DECLARATION — Utility or Design Patent Application 



Direct all correspondence to: 



0 Customer Number 
or Bar Code Label 



23505 



OR CH Correspondence address below 



Name 



Address 



Address 



City 



Country 



State 



Telephone 



ZIP 



Fax 



I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief 
are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so 
made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that such willful false statements may jeopardize the 
validity of the application or any patent issued thereon. 



NAME OF SOLE OR FIRST INVENTOR : 



□ A petition has been filed for this unsigned inventor 




Given Name 

(first and middle [if any]) 



Feng 



Family Name b AO 
or Surname ^-^-^-^^ 



Inventor's ^r-^-^C^^ 
Signature ^ Q ^ 



Date 



Residence: City ^^^^PSIS 



State 



Country 



SG 



Citizenship 



P.R.China 



Mailing Address 



37 West Coast Park, #04-06, Parkview Condo 



Mailing Address 



City 



Singapore 



State 



ZIP 



127653 



Country Singapore 



NAME OF SECOND INVENTOR: 



□ A petition has been filed for this unsigned inventor 



Given Name 



/(first and middle [if any]) 



Huijie, Robert 



Family Name ^^E^Q 
or Surname 



Inventor's 
Signature 



Date 



Residence: City SingaBOTe 



state 



Country 



Citizenship Singapore 



Mailing Address 2 Namly Rise 



Mailing Address 



City Singapore 



State 



ZIP 



267110 



Country 



Singapore 



D Additional inventors are being named on the supplemental Additional Inventor(s) sheet(s) PTO/SB/02A attached hereto. 
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